Identity Escrow in Self-Sovereign Identity Systems

Supervisor(s): Martin Schanzenbach
Status: finished
Topic: Others
Author: Johannes Späth
Submission: 2020-09-15
Type of Thesis: Bachelor's Thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

In Self-Sovereign Identity (SSI) systems, identities are fully under the control of the user. This includes physical control: the identity
information is stored locally on the user's machine. Although this is beneficial from a privacy and security point of view,
it also causes problems. If the local identity information is lost due to hardware failure or physical loss of a device, the identity cannot
be restored. Furthermore, identities cannot be accessed from other machines, such as mobile devices of the same user. We consider the identity escrow problem
in detail for the SSI system reclaimID and provide an implementation of an escrow component for that system. In this thesis, we present possibilities
for identity escrow, a secure export of an identity which can only be restored by the user. To this end, we propose an abstraction of the general procedure
and operations of identity escrow. Based on our abstraction, we introduce two instantiations of escrow mechanisms. Our main focus in this thesis lies on
identity key escrow, leaving out other elements of identities such as attributes.